Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



What should an incident responder do when handling organizations with compromised accounts?

  1. Change passwords only on impacted accounts

  2. Re-issue new accounts to employees

  3. Leave accounts as is and monitor

  4. Block login attempts from unknown devices

The correct answer is: Re-issue new accounts to employees

Re-issuing new accounts to employees can be seen as a comprehensive approach in responding to compromised accounts within an organization. This action goes beyond altering just passwords and effectively eliminates potential ongoing access by attackers who may have gained control of accounts. When accounts are compromised, simply changing passwords may not be sufficient, as attackers can retain access through other means, such as session tokens or persistence mechanisms. By providing new accounts, the incident responder ensures that any malicious activity linked to the previous accounts is nullified, reinforcing the security posture of the organization. This strategy can also help initiate a clean slate for the employees in question, making it easier to monitor their activities and reduce the risk of further breaches.

In addition, creating new accounts allows the organization to implement additional security measures, such as enabling multi-factor authentication (MFA), making the accounts far less susceptible to future compromises. It is important to communicate with employees during this process to ensure they understand the situation and are properly set up with their new credentials. This approach serves not only to remediate the immediate issue but also promotes a culture of security awareness and readiness within the organization.